fixes CVE-2011-3602

radvd-1.8.2-iface.patch

@@ -0,0 +1,12 @@
+diff -up radvd-1.8.2/device-linux.c.iface radvd-1.8.2/device-linux.c
+--- radvd-1.8.2/device-linux.c.iface	2011-10-10 10:26:47.089760082 +0200
++++ radvd-1.8.2/device-linux.c	2011-10-10 10:27:12.149014098 +0200
+@@ -244,7 +244,7 @@ set_interface_var(const char *iface,
+ 		return -1;
+ 
+ 	/* No path traversal */
+-	if (strstr(name, "..") || strchr(name, '/'))
++	if (!iface[0] || !strcmp(iface, ".") || !strcmp(iface, "..") || strchr(iface, '/'))
+ 		return -1;
+ 
+ 	if (access(spath, F_OK) != 0)

radvd.spec

@@ -4,7 +4,7 @@
 Summary:    A Router Advertisement daemon
 Name:       radvd
 Version:    1.8.2
-Release:    1%{?dist}
+Release:    2%{?dist}
 # The code includes the advertising clause, so it's GPL-incompatible
 License:    BSD with advertising
 Group:      System Environment/Daemons
@@ -20,6 +20,8 @@ Requires(pre):      /usr/sbin/useradd
 BuildRequires:      flex, flex-static, byacc
 BuildRoot:          %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
+Patch1: radvd-1.8.2-iface.patch
+
 %description
 radvd is the router advertisement daemon for IPv6.  It listens to router
 solicitations and sends router advertisements as described in "Neighbor
@@ -34,6 +36,8 @@ services.
 %prep
 %setup -q
 
+%patch1 -p1 -b .iface
+
 %build
 export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -fPIE" 
 export LDFLAGS='-pie -Wl,-z,relro,-z,now,-z,noexecstack,-z,nodlopen'
@@ -109,6 +113,9 @@ exit 0
 %{_sbindir}/radvdump
 
 %changelog
+* Mon Oct 10 2011 Jiri Skala <jskala@redhat.com> - 1.8.2-2
+- fixes CVE-2011-3602
+
 * Fri Oct 07 2011 Jiri Skala <jskala@redhat.com> - 1.8.2-1
 - update to latest upstream version 1.8.2
 - this update fixes CVE-2011-360{1..5}